CVE-2021-35580

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.10

Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager, specifically the View Reports component. Successful attacks require human interaction from a person other than the attacker. This can result in unauthorized update, insert, or delete access to some of Oracle Applications Manager's accessible data, as well as unauthorized read access to a subset of Oracle Applications Manager's accessible data. The impact of such attacks may significantly affect additional products.

Recommendations: For versions 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the View Reports component in Oracle Applications Manager until a patch is available.